ASM 11.4 brute force prevention

Question

Hello,&nbsp;
I am trying to configure brute force prevention on ASM 11.4 on a login, where the username and password parameters are on different pages.
when I access the site and enter the username, a 302 redirect page is triggered and a page with a password field appears.&nbsp;
How can I troubleshoot the issue on the ASM itself? Can i Capture/save the username parameter and use it during the password login page?&nbsp;
Example:
main page with the username field /cb/pages/jsp-ns/submitUserName.jsp....username is entered.Then 
302 /cb/pages/jsp-ns/login2.jsp   ... entering the password.&nbsp;
Any assistance is appreciated.&nbsp;
Thanks, 
George&nbsp;

chris_grant · Answer

Looking over our brute force prevention, I don't think you can use this in a situation where the username is submitted then the password is requested on a completely different page which in no way references the Username. If you have both a username and a password in the submitted data for the password page, we should be able to make it work.

Forum Discussion

ASM 11.4 brute force prevention

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

2026 is Almost Here

VIP is not responding on SYN after enabling other modules like ASM, APM and AFM.

Related Content

SSH Brute Force Protection with SSH Proxy

HTTP Brute Force Mitigation Playbook: Bot Profile for Brute Force Mitigations - Chapter 5

Brute Force protection for single parameter like OTP

HTTP Brute Force Mitigation Playbook: BIG-IP LTM Mitigation Options for HTTP Brute Force Attacks - Chapter 3

HTTP Brute Force Mitigation Playbook: Slow Brute Force Protection Using Behavioural DOS - Chapter 6

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS